[Dnsmasq-discuss] TCP queries are refused if upstream server is specified with interface

Geert Stappers stappers at hendrikx-itc.nl
Fri Sep 13 12:54:28 BST 2019

On 13-09-2019 13:00, Tore Anderson wrote:

> Start out with the following /etc/dnsmasq.conf, replacing «wlp2s0» as appropriate:
>
> log-queries
> no-hosts
> no-resolv
> server= at wlp2s0
>
> Start Dnsmasq and send it a TCP query:
>
> $ src/dnsmasq -d -p 5333
> dnsmasq: started, version 2.80-72-ge24abf2 cachesize 150
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify dumpfile
> dnsmasq: using nameserver wlp2s0)
> dnsmasq: cleared cache
>
> $ dig @ -p 5333 fud.no A +vc | grep HEADER
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 2916
>
> Output from Dnsmasq following the above query:
>
> dnsmasq: query[A] fud.no from
> dnsmasq: config error is REFUSED
>
> It makes no attempt to contact the upstream server.
>
> If I remove «@wlp2s0» from the server config, it works fine.

To me that reads: wlp2s0 can not reach

> A practical consequence of this bug is that I cannot resolve any domain names under *.org with DNSSEC enabled. The initial UDP query results in a truncated answer, so libc/dig retries in TCP mode and fails.
> Note that NetworkManager automatically configures the upstream DNS servers with a specific interface via D-Bus, this behaviour appears hard-coded.

FWIW: I have also experienced that NetworkManager can be quite dominant.


Geert Stappers
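
A small check for the failure mode reported in this thread (UDP answer truncated, TCP retry answered REFUSED), added here as an example; it is not code from either poster or from dnsmasq. The function names and result labels are made up for this illustration, and it assumes an IPv4 resolver address.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, qid=2916):
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def parse_header(msg):
    """Return (rcode name, TC bit) from the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    (flags,) = struct.unpack("!H", msg[2:4])
    return RCODES.get(flags & 0xF, str(flags & 0xF)), bool(flags & 0x0200)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def query(server, port, name, tcp, timeout=3.0):
    q = build_query(name)
    if tcp:  # DNS over TCP prefixes each message with a 2-byte length
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            (n,) = struct.unpack("!H", recv_exact(s, 2))
            return parse_header(recv_exact(s, n))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, port))
        return parse_header(s.recv(4096))

def diagnose(udp, tcp):
    """Compare (rcode, tc) results from the UDP and TCP transports."""
    if tcp[0] == "REFUSED" and udp[0] != "REFUSED":
        return "tcp-refused-after-truncation" if udp[1] else "tcp-refused"
    return "consistent"

if __name__ == "__main__":
    host, port, name = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    print(diagnose(query(host, port, name, False), query(host, port, name, True)))
```

Run it with the address and port of the dnsmasq instance under test and a name whose signed answer is large; "tcp-refused-after-truncation" means clients that retry over TCP will fail to resolve it.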